[dak/master] Allow per-suite signing keys
Signed-off-by: Mark Hymers <mhy@debian.org>
---
dak/dakdb/update57.py | 49 ++++++++++++++++++++++++++++++++++++++++++++++
dak/generate_releases.py | 22 +++++++++++---------
dak/update_db.py | 2 +-
daklib/config.py | 1 -
4 files changed, 62 insertions(+), 12 deletions(-)
create mode 100755 dak/dakdb/update57.py
diff --git a/dak/dakdb/update57.py b/dak/dakdb/update57.py
new file mode 100755
index 0000000..45a37dc
--- /dev/null
+++ b/dak/dakdb/update57.py
@@ -0,0 +1,49 @@
+#!/usr/bin/env python
+# coding=utf8
+
+"""
+Allow per-suite signing keys
+
+@contact: Debian FTP Master <ftpmaster@debian.org>
+@copyright: 2011 Mark Hymers <mhy@debian.org>
+@license: GNU General Public License version 2 or later
+"""
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+################################################################################
+
+import psycopg2
+from daklib.dak_exceptions import DBUpdateError
+
+################################################################################
+def do_update(self):
+ """
+ Allow per-suite signing keys
+ """
+ print __doc__
+ try:
+ c = self.db.cursor()
+
+ c.execute("""ALTER TABLE suite ADD COLUMN signingkeys TEXT[]""")
+ c.execute("""UPDATE suite SET signingkeys = signingkeys || (SELECT value FROM config WHERE name = 'signingkeyids')""")
+ c.execute("""DELETE FROM config WHERE name = 'signingkeyids'""")
+
+ c.execute("UPDATE config SET value = '57' WHERE name = 'db_revision'")
+ self.db.commit()
+
+ except psycopg2.ProgrammingError, msg:
+ self.db.rollback()
+ raise DBUpdateError, 'Unable to apply sick update 57, rollback issued. Error message : %s' % (str(msg))
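Review bot: The second `c.execute` appends the whole `signingkeyids` config value to `signingkeys` as a single array element, but the code this commit removes from generate_releases.py read that value with `.split()`, so it may hold several whitespace-separated key IDs or the empty default. A multi-key value would be stored as one element, and the config row is deleted in the next statement, so the original setting is gone once the update commits. Consider splitting during the migration, e.g. `UPDATE suite SET signingkeys = (SELECT string_to_array(value, ' ') FROM config WHERE name = 'signingkeyids')`, and storing no keys when the value is empty. Also worth confirming is that the column is named `signingkeys` while the new loop in generate_releases.py reads `suite.signingkeyids`; the ORM mapping is not visible in this diff.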
diff --git a/dak/generate_releases.py b/dak/generate_releases.py
index b21f30a..6dbcdea 100755
--- a/dak/generate_releases.py
+++ b/dak/generate_releases.py
@@ -79,7 +79,7 @@ def get_result(arg):
if arg:
results.append(arg)
-def sign_release_dir(dirname):
+def sign_release_dir(suite, dirname):
cnf = Config()
if cnf.has_key("Dinstall::SigningKeyring"):
@@ -88,7 +88,6 @@ def sign_release_dir(dirname):
keyring += " --keyring \"%s\"" % cnf["Dinstall::SigningPubKeyring"]
arguments = "--no-options --batch --no-tty --armour"
- signkeyids = cnf.signingkeyids.split()
relname = os.path.join(dirname, 'Release')
@@ -100,17 +99,20 @@ def sign_release_dir(dirname):
if os.path.exists(inlinedest):
os.unlink(inlinedest)
- for keyid in signkeyids:
- if keyid != "":
- defkeyid = "--default-key %s" % keyid
- else:
- defkeyid = ""
+ # We can only use one key for inline signing so use the first one in
+ # the array for consistency
+ firstkey = False
+
+ for keyid in suite.signingkeyids:
+ defkeyid = "--default-key %s" % keyid
os.system("gpg %s %s %s --detach-sign <%s >>%s" %
(keyring, defkeyid, arguments, relname, dest))
- os.system("gpg %s %s %s --clearsign <%s >>%s" %
- (keyring, defkeyid, arguments, relname, inlinedest))
+ if firstkey:
+ os.system("gpg %s %s %s --clearsign <%s >>%s" %
+ (keyring, defkeyid, arguments, relname, inlinedest))
+ firstkey = False
class ReleaseWriter(object):
def __init__(self, suite):
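Review bot: `firstkey` is initialised to `False`, so the `if firstkey:` branch never runs and no `--clearsign` output is written, even though the existing inline file is unlinked just above the loop; the initialiser should be `firstkey = True`. The loop also no longer skips empty key IDs as the removed code did, and each `keyid`, now read from the suite row, is interpolated into a shell string for `os.system`. Checking that every entry is a non-empty hex key ID or fingerprint before building the command would keep a malformed database value from altering the gpg invocation. `sign_release_dir` begins outside this hunk.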
@@ -279,7 +281,7 @@ class ReleaseWriter(object):
out.close()
- sign_release_dir(os.path.dirname(outfile))
+ sign_release_dir(suite, os.path.dirname(outfile))
os.chdir(oldcwd)
diff --git a/dak/update_db.py b/dak/update_db.py
index 88ff20f..a0b091a 100755
--- a/dak/update_db.py
+++ b/dak/update_db.py
@@ -46,7 +46,7 @@ from daklib.daklog import Logger
################################################################################
Cnf = None
-required_database_schema = 54
+required_database_schema = 57
################################################################################
diff --git a/daklib/config.py b/daklib/config.py
index ed8cf1d..dc90d49 100755
--- a/daklib/config.py
+++ b/daklib/config.py
@@ -115,7 +115,6 @@ class Config(object):
"""
for field in [('db_revision', None, int),
('defaultsuitename', 'unstable', str),
- ('signingkeyids', '', str),
('exportpath', '', str)
]:
setattr(self, 'get_%s' % field[0], lambda s=None, x=field[0], y=field[1], z=field[2]: self.get_db_value(x, y, z))
--
1.7.2.5